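---
# Pre-exchange preparation for the three Challenger services (SMS, email,
# postal): stop the pre-upgrade units, install packages, create the service
# users, generate per-service client secrets and client IDs as local facts,
# place configuration, start the new units and wire up nginx plus TLS.
#
# Conventions used below:
#   - every module is referenced by its FQCN (ansible.builtin.*)
#   - file modes are quoted strings so YAML does not turn "0644" into 420
#   - `loop:` is used instead of the legacy `with_items:`

- name: Populate service facts
  ansible.builtin.service_facts:

# `services` (from service_facts) is keyed by systemd unit name, so the
# condition matches the unit, not the unit's Description= text.
- name: Ensure SMS challenger service is stopped before we upgrade
  ansible.builtin.systemd:
    name: sms-challenger
    state: stopped
    enabled: false
  when: "'sms-challenger.service' in services"

- name: Ensure email challenger service is stopped before we upgrade
  ansible.builtin.systemd:
    name: email-challenger
    state: stopped
    enabled: false
  when: "'email-challenger.service' in services"

- name: Ensure postal challenger service is stopped before we upgrade
  ansible.builtin.systemd:
    name: postal-challenger
    state: stopped
    enabled: false
  when: "'postal-challenger.service' in services"

- name: Install Challenger packages (and dependencies)
  ansible.builtin.apt:
    name:
      - challenger-httpd
      - texlive-latex-base  # for pdflatex of the postal challenger
      - texlive-latex-recommended  # for the scrlttr2.cls
    state: latest
  when: ansible_os_family == 'Debian'

# One dedicated system user/group per service so that a compromise of one
# challenger cannot read the config or secrets of another.
# NOTE(review): no `shell:` is set, so the distribution default applies;
# consider /usr/sbin/nologin if interactive login is never needed — confirm.
- name: Ensure group "challenger-sms" exists
  ansible.builtin.group:
    name: challenger-sms
    state: present

- name: Ensure user "challenger-sms" exists
  ansible.builtin.user:
    name: challenger-sms
    group: challenger-sms
    # Quoted on purpose: an unquoted `!` is a YAML tag indicator and would
    # leave the value empty. The literal '!' is the user module's documented
    # way to keep the account's password locked.
    password: '!'
    system: true
    state: present

- name: Ensure group "challenger-postal" exists
  ansible.builtin.group:
    name: challenger-postal
    state: present

- name: Ensure user "challenger-postal" exists
  ansible.builtin.user:
    name: challenger-postal
    group: challenger-postal
    password: '!'  # quoted: locked password, see challenger-sms above
    system: true
    state: present

- name: Ensure group "challenger-email" exists
  ansible.builtin.group:
    name: challenger-email
    state: present

- name: Ensure user "challenger-email" exists
  ansible.builtin.user:
    name: challenger-email
    group: challenger-email
    password: '!'  # quoted: locked password, see challenger-sms above
    system: true
    state: present

# Runtime directories: owned by the service user, group www-data so the
# reverse proxy can reach the socket placed there.
# NOTE(review): /var/run is a tmpfs on systemd hosts, so these directories do
# not survive a reboot unless the unit files recreate them (e.g. via
# RuntimeDirectory=) — confirm against the shipped .service files.
- name: Ensure /var/run/challenger-email/ directory exists
  ansible.builtin.file:
    path: "/var/run/challenger-email/"
    state: directory
    owner: challenger-email
    group: www-data
    mode: "0755"

- name: Ensure /var/run/challenger-sms/ directory exists
  ansible.builtin.file:
    path: "/var/run/challenger-sms/"
    state: directory
    owner: challenger-sms
    group: www-data
    mode: "0755"

- name: Ensure /var/run/challenger-postal/ directory exists
  ansible.builtin.file:
    path: "/var/run/challenger-postal/"
    state: directory
    owner: challenger-postal
    group: www-data
    mode: "0755"

# Local facts hold the generated client secrets, hence root-only (0700).
- name: Ensure Ansible facts directory exists
  ansible.builtin.file:
    path: "/etc/ansible/facts.d/"
    state: directory
    owner: root
    group: root
    mode: "0700"

# NOTE(review): 0755 lets any local user list this "secrets" directory;
# confirm whether exchange processes need world traversal here or whether a
# group-restricted mode would suffice.
- name: Ensure /etc/taler-exchange/secrets directory exists
  ansible.builtin.file:
    path: "/etc/taler-exchange/secrets"
    state: directory
    owner: root
    group: root
    mode: "0755"

# Client secrets are generated once; `creates:` makes each task idempotent.
# (The former `when: not local_facts[...] is defined` guard on the SMS task
# referenced `local_facts`, which is not a variable this file defines — the
# local facts live under `ansible_local` — so it was dropped in favour of the
# same `creates:` guard the other two tasks already rely on.)
- name: Secret setup for sms-challenger
  ansible.builtin.command:
    argv:
      - setup-secret-fact
      - /etc/ansible/facts.d/sms-challenger-client-secret.fact
      - "secret-token:"
    creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact

- name: Secret setup for email-challenger
  ansible.builtin.command:
    argv:
      - setup-secret-fact
      - /etc/ansible/facts.d/email-challenger-client-secret.fact
      - "secret-token:"
    creates: /etc/ansible/facts.d/email-challenger-client-secret.fact

- name: Secret setup for postal-challenger
  ansible.builtin.command:
    argv:
      - setup-secret-fact
      - /etc/ansible/facts.d/postal-challenger-client-secret.fact
      - "secret-token:"
    creates: /etc/ansible/facts.d/postal-challenger-client-secret.fact

# `filter:` matches top-level fact names; local facts from facts.d are all
# nested under `ansible_local`, which is therefore the pattern to use.
- name: Force ansible to regather just created fact(s) about challenger
  ansible.builtin.setup:
    filter:
      - ansible_local

# Config files: root-owned, readable only by the owning service's group.
- name: Place SMS challenger config
  ansible.builtin.template:
    src: templates/etc/challenger/challenger-sms.conf.j2
    dest: "/etc/challenger/challenger-sms.conf"
    owner: root
    group: challenger-sms
    mode: "0640"

- name: Place Postal challenger config
  ansible.builtin.template:
    src: templates/etc/challenger/challenger-postal.conf.j2
    dest: "/etc/challenger/challenger-postal.conf"
    owner: root
    group: challenger-postal
    mode: "0640"

- name: Place email challenger config
  ansible.builtin.template:
    src: templates/etc/challenger/challenger-email.conf.j2
    dest: "/etc/challenger/challenger-email.conf"
    owner: root
    group: challenger-email
    mode: "0640"

# NOTE(review): only SMS and postal get an .env file here; confirm whether
# the email challenger needs one as well.
- name: Place SMS challenger environment data
  ansible.builtin.template:
    src: templates/etc/challenger/sms-challenger.env.j2
    dest: /etc/challenger/sms-challenger.env
    owner: root
    group: challenger-sms
    mode: "0640"

- name: Place postal challenger environment data
  ansible.builtin.template:
    src: templates/etc/challenger/postal-challenger.env.j2
    dest: /etc/challenger/postal-challenger.env
    owner: root
    group: challenger-postal
    mode: "0640"

# NOTE(review): these run on every play and always report "changed"; if
# challenger-dbconfig is idempotent, a `changed_when:` would make runs
# cleaner — confirm.
- name: Setup SMS Challenger database
  ansible.builtin.command:
    argv:
      - challenger-dbconfig
      - -c
      - /etc/challenger/challenger-sms.conf
      - -u
      - challenger-sms
      - -n
      - challenger-sms
    chdir: /tmp

- name: Setup Postal Challenger database
  ansible.builtin.command:
    argv:
      - challenger-dbconfig
      - -c
      - /etc/challenger/challenger-postal.conf
      - -u
      - challenger-postal
      - -n
      - challenger-postal
    chdir: /tmp

- name: Setup email Challenger database
  ansible.builtin.command:
    argv:
      - challenger-dbconfig
      - -c
      - /etc/challenger/challenger-email.conf
      - -u
      - challenger-email
      - -n
      - challenger-email
    chdir: /tmp

- name: Force ansible to regather newly created fact(s) about all challengers
  ansible.builtin.setup:

# The client secret is passed on the command line, so the task output is
# suppressed with `no_log` to keep it out of Ansible logs and callbacks.
- name: Setup SMS Challenger exchange account
  ansible.builtin.command:
    argv:
      - setup-challenger-client-id-fact
      - /etc/ansible/facts.d/sms-challenger-client-id.fact
      - challenger-sms
      - /etc/challenger/challenger-sms.conf
      - "{{ ansible_local['sms-challenger-client-secret'] }}"
      - "{{ EXCHANGE_BASE_URL }}kyc-proof/sms-challenger"
    creates: /etc/ansible/facts.d/sms-challenger-client-id.fact
  no_log: true

- name: Setup Email Challenger exchange account
  ansible.builtin.command:
    argv:
      - setup-challenger-client-id-fact
      - /etc/ansible/facts.d/email-challenger-client-id.fact
      - challenger-email
      - /etc/challenger/challenger-email.conf
      - "{{ ansible_local['email-challenger-client-secret'] }}"
      - "{{ EXCHANGE_BASE_URL }}kyc-proof/email-challenger"
    creates: /etc/ansible/facts.d/email-challenger-client-id.fact
  no_log: true

- name: Setup Postal Challenger exchange account
  ansible.builtin.command:
    argv:
      - setup-challenger-client-id-fact
      - /etc/ansible/facts.d/postal-challenger-client-id.fact
      - challenger-postal
      - /etc/challenger/challenger-postal.conf
      - "{{ ansible_local['postal-challenger-client-secret'] }}"
      - "{{ EXCHANGE_BASE_URL }}kyc-proof/postal-challenger"
    creates: /etc/ansible/facts.d/postal-challenger-client-id.fact
  no_log: true

- name: Force ansible to regather fact(s) just created about all challengers
  ansible.builtin.setup:

- name: Place sms-challenger systemd service file
  ansible.builtin.copy:
    src: etc/systemd/system/sms-challenger-httpd.service
    dest: /etc/systemd/system/sms-challenger-httpd.service
    owner: root
    group: root
    mode: "0700"

- name: Create file for sms-challenger logs
  ansible.builtin.file:
    path: /var/log/sms.log
    state: touch
    owner: challenger-sms
    group: root
    mode: "0664"
    modification_time: preserve
    access_time: preserve

# Message templates are read by the (unprivileged) services: explicit
# root-owned, world-readable, not writable by the services themselves.
- name: Place postal message template
  ansible.builtin.copy:
    src: etc/challenger/postal-message-template.txt
    dest: /etc/challenger/postal-message-template.txt
    owner: root
    group: root
    mode: "0644"

- name: Place SMS message template
  ansible.builtin.copy:
    src: etc/challenger/sms-message-template.txt
    dest: /etc/challenger/sms-message-template.txt
    owner: root
    group: root
    mode: "0644"

- name: Place email message template
  ansible.builtin.copy:
    src: etc/challenger/email-message-template.txt
    dest: /etc/challenger/email-message-template.txt
    owner: root
    group: root
    mode: "0644"

- name: Place postal-challenger systemd service file
  ansible.builtin.copy:
    src: etc/systemd/system/postal-challenger-httpd.service
    dest: /etc/systemd/system/postal-challenger-httpd.service
    owner: root
    group: root
    mode: "0700"

# owner/group added so this unit file is placed like the other two.
- name: Place email-challenger systemd service file
  ansible.builtin.copy:
    src: etc/systemd/system/email-challenger-httpd.service
    dest: /etc/systemd/system/email-challenger-httpd.service
    owner: root
    group: root
    mode: "0700"

# daemon_reload on the first systemd task picks up the three unit files
# placed above.
- name: Ensure SMS challenger service is enabled and started
  ansible.builtin.systemd:
    daemon_reload: true
    name: sms-challenger-httpd
    state: started
    enabled: true

- name: Ensure email challenger service is enabled and started
  ansible.builtin.systemd:
    name: email-challenger-httpd
    state: started
    enabled: true

- name: Ensure postal challenger service is enabled and started
  ansible.builtin.systemd:
    name: postal-challenger-httpd
    state: started
    enabled: true

- name: Generate challenger nginx configuration files (tls config)
  ansible.builtin.template:
    src: templates/etc/nginx/conf.d/challenger-tls.conf.inc
    dest: /etc/nginx/conf.d/challenger-tls.conf.inc
    owner: root
    group: root
    mode: "0644"

- name: Generate challenger nginx configuration files
  ansible.builtin.template:
    src: "templates/etc/nginx/sites-available/{{ item }}.j2"
    dest: "/etc/nginx/sites-available/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - sms-challenger-nginx.conf
    - sms-challenger-http.conf
    - email-challenger-nginx.conf
    - email-challenger-http.conf
    - postal-challenger-nginx.conf
    - postal-challenger-http.conf

- name: Secure the challenger sites with Letsencrypt
  ansible.builtin.include_role:
    name: cert
  vars:
    cert_name: challenger
    wanted_cert_domains:
      - "sms.challenger.{{ domain_name }}"
      - "email.challenger.{{ domain_name }}"
      - "postal.challenger.{{ domain_name }}"
    nginx_sites:
      - sms-challenger-nginx.conf
      - postal-challenger-nginx.conf
      - email-challenger-nginx.conf
      - sms-challenger-http.conf
      - postal-challenger-http.conf
      - email-challenger-http.conf

- name: Enable challenger reverse proxy configurations
  ansible.builtin.file:
    src: "/etc/nginx/sites-available/{{ item }}"
    dest: "/etc/nginx/sites-enabled/{{ item }}"
    state: link
  notify: Restart nginx
  loop:
    - sms-challenger-nginx.conf
    - postal-challenger-nginx.conf
    - email-challenger-nginx.conf
    - sms-challenger-http.conf
    - postal-challenger-http.conf
    - email-challenger-http.conf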